FUND SERVICES BUSINESS & COLLECTIVE INVESTMENT FUNDS ON-SITE EXAMINATION PROGRAM 2014 SUMMARY FINDINGS

Introduction

In 2014, the Commission also conducted a joint examination with the UK Financial Conduct Authority (“FCA”) of a local fund services provider where the Commission is the lead regulator. This was the first time that the FCA joined the Commission on an examination in Jersey of a fund services business. The Commission has in the past joined the FCA and the Prudential Regulatory Authority (“PRA”) on joint examinations of a group entity in both the UK and Switzerland where the Jersey entity is the head office and the Commission is the lead regulator.

The purpose of an on-site examination is to assess a business in terms of its performance against the legislative and regulatory framework, i.e. Laws, Orders, Recognized Fund Rules, Codes of Practice for Fund Services Business (“FSB Codes”), and Codes of Practice for Certified Funds (“CIF Codes”) as well as the Handbook for the Prevention and Detection of Money Laundering and the Financing of Terrorism for Financial Services Business Regulated under the Regulatory Laws (“Handbook”).

The Commission undertook supervision on-site examinations during the year which were mostly broad in scope and designed to more closely examine fund services businesses and the regulated collective investment schemes they provide services to.

A thematic review: ‘Eligibility of Investors’ was also conducted on a selection of Jersey collective investment funds to review compliance with the Expert Fund Guide.

The on-site examinations encompassed an assessment of parts of the businesses’ policies and procedures in relation to the specific areas being examined. Commission officers reviewed, on a sample basis, the records and files maintained by the fund services businesses and held discussions with management and staff involved in operational and compliance matters. The outcome of the assessment and discussions were then measured against the businesses’ procedures and the relevant legislative and regulatory framework.

A total of 36 on-site examinations were conducted in 2014. A number of these examinations were cross sector involving fund services business and other divisions, primarily trust company business and investment business.

Findings (using the same numbers as found in the JFSC report)

The findings were as follows

6 Internal Systems and Controls
7 AML/CFT
8 Corporate Governance
9 Certified Funds
10 Supervisory Review

Each of the are expanded upon below

6 Internal Systems and Controls

6.1 This category consists of five areas, namely:
6.1.1 Compliance Function,
6.1.2 Outsourcing and Delegating,
6.1.3 Policies and Procedures,
6.1.4 Operational Risk, and
6.1.5 Manager of a Managed Entity (“MoME”) oversight of managed entities.

6.2 The Compliance Function

6.2.1 Approximately 19% of the findings relate to the compliance function, which includes compliance resourcing; reporting and the compliance monitoring programme.

6.3 Compliance Resourcing

6.3.1 The Codes require that the compliance function is able to devote sufficient time and resources in order to properly discharge its responsibilities. It is therefore a concern for the Commission when a registered person does not have an adequately resourced compliance function.

6.3.2 Findings highlighted lack of resource as the main reason for failure to properly implement the compliance monitoring plan and day-to-day compliance activities, such as advice and support to the business on regulatory matters and lack of oversight of outsourced and delegated activities.

6.4 Compliance Reporting

6.4.1 In 2014, there has been a decrease from previous years in the number of findings for failing to table compliance reports to the board for review/approval, which is encouraging.

6.5 Compliance Monitoring Program

6.5.1 The Commission considers regular risk-based compliance monitoring as an essential part of a registered person’s risk control framework as it tests compliance with and adequacy of internal policies and procedures.

6.5.2 As in previous years, the majority of findings continue to be in relation to the quality of the compliance monitoring program; its implementation and lack of underlying testing.

6.5.3 The Commission has generally seen an improvement in the quality of the compliance monitoring programs. However, a number of registered persons are still not including sufficient detail to explain the objective and frequency of the monitoring, the scope of testing and detail on how the testing should be performed and the desired outcome.

6.5.4 There are also a number of findings relating to the lack of independent sample testing or verification by the Compliance function of monitoring undertaken by the business and this continues to be a common finding.

6.5.5 One of the most serious findings was in relation to a registered person that did not conduct any compliance monitoring for the previous year, due primarily to the departure of the registered compliance officer and other changes in compliance personnel. A small number of other registered persons conducted limited monitoring for the same reasons. In these circumstances the Commission would expect the registered person to notify the Commission, and to seek were necessary the support of external consultants to assist with the monitoring, where the compliance function is stretched or temporarily under resourced.

6.6 Outsourcing and Delegation

6.6.1 The Commission recognises that outsourcing and delegating functions has become a common practice and can bring benefits to registered persons and their clients. However, along with the benefits, outsourcing and delegating may present additional risks which the registered person needs to manage by ensuring compliance with the Commission’s Outsourcing and Delegation Policy (“Outsourcing Policy”).

6.6.2 Findings in this area relate primarily to a registered person’s oversight of the outsourced/delegated function.

6.6.3 All of the service providers examined had a written service level agreement (“SLA”) in place, which is a requirement of Core Principle 2 of the Outsourcing Policy. However, the quality of the SLA’s varied. Some SLA’s did not fully reflect the requirements in the Outsourcing Policy whilst a small number were materially deficient.

6.6.4 The Commission found that SLA’s were not always followed, for example annual reviews to assess the outsourced/delegated provider did not take place, or the annual review did take place but was not documented and presented to the board as per the requirement in the SLA.

6.6.5 Other findings relate to the registered person not conducting appropriate due diligence on the outsourced service provider.

6.6.6 There was also an example of the registered person not having sufficient capacity, i.e. skills and knowledge to be able to assess whether the outsourced activity is being performed adequately in compliance with Core Principle 3 of the Outsourcing Policy.

6.7 Policies and Procedures

6.7.1 Missing policies and procedures and inaccurate/out-of-date policies and procedures constitute 17% of the findings in this category.

6.7.2 Findings range from procedures not reflecting the action required in a SLA with an outsourced service provider to procedures not referring to current regulatory requirements.

6.7.3 Some procedures were neither adequate, nor fit for purpose, as they did not include key areas, for example a conflicts of interest procedure being too narrow in scope and aimed only at one part of the business such as directors rather than covering the whole business.

6.7.4 There were also missing procedures, for example the investment management process within one registered person not being documented.

6.7.5 Other findings relate to the procedures manual not being updated to reflect current regulatory requirements. For example, there was a significant change to the FSB Codes, effective 1 July 2014. A revised version highlighting the changes was issued on 24 January 2014 to afford industry a reasonable period of time to effect any changes to their policies and procedures before the effective date. However, some firms did not update their procedures manual to reflect these key changes.

6.8 Operational Risk

6.8.1 Findings relate to failure by registered persons to follow the record keeping provisions and make up 3.5% of the overall findings and inadequate business continuity provisions which represented 1.5% of the overall findings.

6.9 MoME oversight of managed entities

6.9.1 Findings relate to weaknesses in the management of managed entities such as delays in the signing by the MoME of the agreement with the managed entity, infrequent board meetings and limited compliance monitoring.

7 AML/CFT

7.1 AML/CFT findings constitute 27% of the overall figure broken down into four key areas listed below with their percentage.

· AML/CFT Governance 14%
· Customer Due Diligence (“CDD”)/Customer Profile 8%
· Monitoring Activity and Transactions 2%
· Suspicious Activity Report (“SAR”) Process 3%

7.2 AML/CFT Governance

7.2.1 AML/CFT Governance findings account for the largest percentage of the AML/CFT category, broken down into the following areas, illustrated graphically below.

7.3 AML Business Risk Assessment (“BRA”)

7.3.1 As the above graph illustrates, poor BRA constitutes the largest finding. Whilst the majority of firms have an AML BRA in place, the content and quality of the BRA is still an issue for some firms.

7.3.2 Findings range from failure to include key AML/CFT risks in the assessment, such as reliance on obliged persons; jurisdictional risk, in particular the increased exposure a firm and a collective investment fund has to its clients/investors from higher risk jurisdictions, and failure to keep the BRA up to date so that it reflects the current risks within a business.

7.4 Customer Due Diligence (“CDD”) and Customer Profile

7.4.1 Findings relating to customer profiling constituted just over 3% of the overall figure and were in relation to registered persons not applying an appropriate risk rating to some of their clients/customers due primarily to an inadequate risk methodology.

7.4.2 The majority of findings in respect of CDD were mainly in relation to the timing of identification and verification of clients. Of these, a small number related to the registered person failing to adequately consider terminating the client relationship when the CDD was deficient, and constituted 1.4% of the overall findings.

7.4.3 There was a limited number of findings, just under 2% of the overall findings, in relation to registered persons placing reliance on obliged persons to undertake client/investor due diligence. Obliged persons were being relied on, without the registered persons first having risk assessed the obliged person to ensure that it was appropriate to do so, having regard to the money laundering/terrorist financing risks of doing so.

7.4.4 Failure to sample test and ensure obliged persons held the requisite client CDD was also noted in a small number of findings.

7.5 Monitoring Transactions

7.5.1 There were a small number of findings in this category mainly in relation to sanctions monitoring and reliance on group systems.

7.6 SAR Process

7.6.1 The process for the submission of both internal and external SARs is a very important requirement of the AML/CFT regime. It is imperative therefore that registered persons have a SAR process in place that enables full compliance with the legislative and regulatory requirements.

7.6.2 Findings relate to the adequacy of the internal and external SAR reporting and the importance of having a clearly documented procedure, with a defined audit trail, evidencing the MLRO’s rationale should they not choose to externalise an internal report.

7.6.3 Another finding related to where the responsibility lay for submitting a SAR when the suspicious activity is raised by an outsourced service provider operating in another jurisdiction, who submitted an external SAR to their local Financial Intelligence Unit. The question raised was whether this was sufficient to discharge the obligation of the registered person to submit an external SAR when they became aware of the suspicion? Despite the disclosure by the outsourced service provider, the registered person, in this situation, has an obligation to make a report to the Jersey Financial Crimes Unit.

7.6.4 The SAR process will continue to be a focus for the Commission, and is a theme for the fund services business on-site examination program in 2015.

8 Corporate Governance

8.1 This category consists of 4 key areas:

8.1.1 Board Meetings and Committees
8.1.2 Conflicts of Interest
8.1.3 Personal Account Dealing
8.1.4 Assessment of Business Risk

8.2 Board Meetings and Committees

8.2.1 Most of the findings in this category relate to the effectiveness of board meetings and the terms of reference for committees with delegated authority from the board, and constitutes 9% of the overall examination findings.

8.2.2 A number of findings relate to board minutes failing to adequately record the deliberations of the board and action points not being followed up in a timely manner. The Commission considers it an essential requirement of an effective corporate governance framework that board minutes provide an accurate reflection of board discussions and agreed outcomes. Also, it is important that any action points arising from the meetings are clearly documented and acted upon.

8.2.3 Lack of attendance at board and committee meetings by individual directors or members, was also a finding for a small number of registered persons.

8.2.4 It is common practice for registered persons to establish committees to exercise certain of the control and risk management responsibilities. It was noted in a small number of findings that there were deficiencies in the terms of reference (“ToR”) for these committees. For example, the frequency of meetings was not reflected in practice and reports from committees were not being tabled at the board for consideration.

8.2.5 The Commission considers that effective corporate governance is partly dependent on accurate committee and board ToRs being in place and recommends that they should be reviewed on a regular basis to ensure that they remain current and valid.

8.3 Conflicts of Interest

8.3.1 Identifying and managing conflicts of interest is a fundamental obligation for registered persons and a continued focus of the Commission during on-site examinations.

8.3.2 Findings include failure to adequately record and consider key conflicts for example; instances where a compliance officer also has operational responsibilities within the business or where a board member is also a shareholder of another group entity.

8.3.3 Whilst some firms had recorded actual and potential conflicts, they did not record how the conflicts of interests would be managed. This is an essential requirement if the board is to be satisfied that conflicts are being managed appropriately.

8.4 Personal Account (“PA”) Dealing

8.4.1 The number of findings in this area has increased from previous years. This is mainly due to a greater focus by the Commission during on-site examinations, particularly (although not exclusively) for service providers who act as Investment Manager and/or Investment Adviser to funds.

8.4.2 The primary purpose of a PA dealing policy is to manage the potential conflict of staff dealing on their own account as well as dealing for clients, and to ensure that the registered person is acting in the best interests of the client at all times. It is also an important control against the potential risk of insider dealing or market abuse occurring.

8.4.3 Findings relate mainly to the adequacy of a registered person’s PA dealing policy, breaches of the policy, and how those breaches are dealt with.

8.4.4 Generally, the Commission found the quality of PA dealing policies and procedures varied from firm to firm. The more comprehensive policies tended to be from the larger firms.

8.4.5 In terms of breaches, findings range from failure to obtain appropriate prior sign off for a PA transaction, to key individuals not following the PA dealing policy and procedure, resulting in their trades not being captured.

8.4.6 Some findings relate to the PA dealing policy lacking detail on the action a registered person would take if there was a breach of the policy, and the escalation process to be followed, either to the board and/or the HR function, if the breach involved potential disciplinary action.

8.4.7 Also, there have been some instances where the policy and procedure was not fully communicated to staff, and training recommended to ensure staff understand their obligations.

8.4.8 Whilst the overall number of findings for PA Dealing constitutes less than 3%, this will be an area of continued focus in 2015. This is primarily because the Commission considers effective implementation of a PA dealing policy to be an important control in a registered person’s risk management framework to manage potential conflicts of interest.

8.5 Assessment of Business Risk

8.5.1 The majority of findings relate to the failure to include business/operational risk as well as AML/CFT risk, in accordance with 3.1.3.1 of the FSB Codes, in business risk assessments. The Commission still finds that some registered persons overlook the wider risks applicable to their businesses, and while they may have a comprehensive AML/CFT risk assessment, the operational BRA is lacking or in some cases non-existent.

9 Certified Funds

9.1 The on-site examination program for 2014 consisted of a combination of general Supervision examinations of certified funds against the requirements of the Collective Investment Funds (Jersey) Law 1988 and CIF Codes, as well as a thematic review: ‘Eligibility of Investors’, focusing on investors’ eligibility against the requirements of the Expert Fund Guide.

9.2 Thematic review – Eligibility of Investors

9.2.1 The themed review was conducted on eight Jersey Collective Investment funds and resulted in a small number of findings.

9.2.2 Some findings related to investors not meeting the minimum investment criteria outlined in the fund’s constitutive documents. In one instance this was a legacy issue from a previous fund service provider. However, it is the Commission’s expectation that the new service provider would ensure that investors meet the investment criteria when conducting periodic reviews.

9.2.3 Another finding was in relation to a small number of investors in an expert fund not signing the investment risk warning required by paragraph 3.7 of the Expert Fund Guide. This warning is mandatory as it serves to satisfy the requirement that an investor understands the risks associated with investing in an expert fund.

9.2.4 A further finding involved the situation whereby a client engages an investment manager to make the investment in an expert fund on his/her behalf. The client was a non-discretionary managed client but the investment manager failed to get the client to sign the investment warning in their own right.

9.2.5 Generally most of the expert funds reviewed had appropriate policies and procedures in place to ensure that investors are eligible and meet the requirements in the Expert Fund Guide.

9.3 Supervision examinations

9.3.1 Other findings from the Supervision examinations mirror those for fund services business, but relate to the certified fund’s obligations under the CIF Codes and the Commission’s Outsourcing and Delegation Policy.

9.3.2 For example some certified funds had not conducted a business risk assessment or the business risk assessment was inadequate and did not reflect the key risks in the funds, such as the risk rating of the underlying investors.

9.3.3 Other findings relate to monitoring the performance of the service provider to which the fund activity has either been outsourced or delegated, such as the absence of an outsourcing agreement, or an agreement being in place but not properly followed. Examples include failure to conduct annual due diligence visits to Administrators to whom the fund had delegated the CDD function.

9.3.4 There were also instances of the compliance monitoring program for the fund not referring to the CIF Codes and little underlying testing being conducted. For example, for a small number of funds there was no evidence that the Administrator conducted testing to monitor, and ensure, that the fund’s investment restrictions were being adhered to.

For the full document please visit http://www.jerseyfsc.org/pdf/FSB-2014-Examination-Findings-June-2015.pdf